Re: Norton Virus Report - C:\WINDOWS\Fonts\win.hta

From: Mike Burgess (winhelp2002_at_spamthis.com)
Date: 04/21/04

• Next message: N. Miller: "Re: Hardware vs Software"
• Previous message: N. Miller: "Re: Hardware vs Software"
• In reply to: Matt: "Norton Virus Report - C:\WINDOWS\Fonts\win.hta"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 21 Apr 2004 06:19:31 -0400

Matt,
win.hta = Coolwebsearch trojan
http://securityresponse.symantec.com/avcenter/venc/data/vbs.bootconf.b.html

How to remove Coolwebsearch and affiliates
http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch

Note: this type hijack indicates an unpatched machine, that is lacking
in "Defense". Please visit Windows Update to avoid these exploits.

Note: be *sure* to follow-up with HijackThis
Post back with the URL where you posted if you want help with your log.
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 04-15-04]
Please post replies to this Newsgroup, email address is invalid

--
"Matt" <anonymous@discussions.microsoft.com> wrote in message
news:0fb501c4261c$53446eb0$a501280a@phx.gbl...
> I am receiving a warning from Norton everytime I start-up
> telling me it is picking up a virus at
> C:\WINDOWS\Fonts.win.hta and that it recommends stopping
> scripts.  If I stop the script I experience no problems,
> but if I choose not to (like when I'm trying to get it
> off of my computer) it seems to be the nasty bug that
> changes my homepage in Internet Explorer.  I can fix the
> problem using CWShredder, but this is a persistent,
> annoying problem.  I have searched through my fonts for
> the file/bug and I can't find it named as Norton is
> describing it.  Has anyone experienced this problem
> before?  Any help, as always, is greatly appreciated.
> Thanks.

---

• Next message: N. Miller: "Re: Hardware vs Software"
• Previous message: N. Miller: "Re: Hardware vs Software"
• In reply to: Matt: "Norton Virus Report - C:\WINDOWS\Fonts\win.hta"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: search-direct.net ... search-direct.net = Coolwebsearch trojan ... this type hijack indicates an unpatched machine, ... Please visit Windows Update to avoid these exploits. ... > bunch of links for search-direct.net. ... (microsoft.public.security.virus) Re: cant set home page ... this type hijack indicates an unpatched machine, ... in "Defense". ... Please visit Windows Update to avoid these exploits. ... (microsoft.public.windows.inetexplorer.ie6.browser) Re: Home Page ... real-yellow-page.com = Coolwebsearch trojan ... this type hijack indicates an unpatched machine, ... Please visit Windows Update to avoid these exploits. ... >>ShaZaa from inserting itself as my home page. ... (microsoft.public.windows.inetexplorer.ie6.browser) Re: PLS HELP!! Think Ive been hacked!!! ... this type hijack indicates an unpatched machine, ... Please visit Windows Update to avoid these exploits. ... Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file ... (microsoft.public.security) Re: I feel like someone has taken over my computer!!! ... find-itnow.com = CWS.Alfasearch.2 (coolwebsearch trojan) ... this type hijack indicates an unpatched machine, ... Please visit Windows Update to avoid these exploits. ... > been to is Ebay. ... (microsoft.public.security.virus)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security.virus  > 2004-04